core/bpf: lsm_bpf_supported() returns a boolean
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 17 May 2022 08:11:05 +0000 (10:11 +0200)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Tue, 17 May 2022 08:16:27 +0000 (10:16 +0200)
The code was correct, but confusing, because it was treating the int
as a boolean.

src/core/bpf-lsm.c
src/core/bpf-lsm.h
src/test/test-bpf-lsm.c

index 83f3199349ce2a78b8f8a8de45887242d6bcfb12..174aa259c02f41beeac4dbfa1aeb787755a61e35 100644 (file)
@@ -125,7 +125,7 @@ static int mac_bpf_use(void) {
         }
 }
 
-int lsm_bpf_supported(void) {
+bool lsm_bpf_supported(void) {
         _cleanup_(restrict_fs_bpf_freep) struct restrict_fs_bpf *obj = NULL;
         static int supported = -1;
         int r;
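Review bot: The cache variable `static int supported = -1;` stays an int while the function now returns bool, so the new `return (supported = false);` lines still mix the two types this commit sets out to separate. The -1 start value looks like a "not probed yet" sentinel, which would justify keeping the int, but the check that reads it sits between this hunk and the next and is not visible here. A comment on the declaration would make the intent explicit, for example `/* -1: not probed yet, 0/1: cached result */`. The function body continues past the end of this hunk.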
@@ -136,44 +136,44 @@ int lsm_bpf_supported(void) {
         r = dlopen_bpf();
         if (r < 0) {
                 log_info_errno(r, "Failed to open libbpf, LSM BPF is not supported: %m");
-                return supported = 0;
+                return (supported = false);
         }
 
         r = cg_unified_controller(SYSTEMD_CGROUP_CONTROLLER);
         if (r < 0) {
                 log_warning_errno(r, "Can't determine whether the unified hierarchy is used: %m");
-                return supported = 0;
+                return (supported = false);
         }
 
         if (r == 0) {
                 log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                                "Not running with unified cgroup hierarchy, LSM BPF is not supported");
-                return supported = 0;
+                return (supported = false);
         }
 
         r = mac_bpf_use();
         if (r < 0) {
                 log_warning_errno(r, "Can't determine whether the BPF LSM module is used: %m");
-                return supported = 0;
+                return (supported = false);
         }
 
         if (r == 0) {
                 log_info_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                                "BPF LSM hook not enabled in the kernel, LSM BPF not supported");
-                return supported = 0;
+                return (supported = false);
         }
 
         r = prepare_restrict_fs_bpf(&obj);
         if (r < 0)
-                return supported = 0;
+                return (supported = false);
 
         if (!bpf_can_link_lsm_program(obj->progs.restrict_filesystems)) {
                 log_warning_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
                                   "Failed to link BPF program. Assuming BPF is not available");
-                return supported = 0;
+                return (supported = false);
         }
 
-        return supported = 1;
+        return (supported = true);
 }
 
 int lsm_bpf_setup(Manager *m) {
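Review bot: Every early return stores false in the static `supported`, including the `r < 0` branches after dlopen_bpf(), cg_unified_controller() and mac_bpf_use(), where support could not be determined. A transient probe error is therefore remembered (presumably for the life of the process, the cache check is outside the hunk) and looks the same to callers as a definite "not supported". With the bool return type that is the only signal a caller gets, so if callers skip the filesystem restriction on false, one early failure quietly leaves the protection off. I would state this on the function, e.g. `/* Returns false on any probe error as well as on real lack of support; the answer is cached. */`. The `prepare_restrict_fs_bpf()` branch is also the only failure path here without a log call, which is worth a message unless that helper logs on its own; the function itself starts in the previous hunk.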
@@ -297,8 +297,8 @@ void lsm_bpf_destroy(struct restrict_fs_bpf *prog) {
         restrict_fs_bpf__destroy(prog);
 }
 #else /* ! BPF_FRAMEWORK */
-int lsm_bpf_supported(void) {
-        return 0;
+bool lsm_bpf_supported(void) {
+        return false;
 }
 
 int lsm_bpf_setup(Manager *m) {
index 8bd58a29e53e029360f7393bdbc0dbd245a7675f..e609d99330b37c7c69e5a09c98f813150797e7d9 100644 (file)
@@ -14,7 +14,7 @@ typedef struct Manager Manager;
 
 typedef struct restrict_fs_bpf restrict_fs_bpf;
 
-int lsm_bpf_supported(void);
+bool lsm_bpf_supported(void);
 int lsm_bpf_setup(Manager *m);
 int lsm_bpf_unit_restrict_filesystems(Unit *u, const Set *filesystems, bool allow_list);
 int lsm_bpf_cleanup(const Unit *u);
index e0e1b7f38fc1ce33cccf47ac73f77ba7c5cc1aa7..d2b5c96624545054360efbae7f2bf34f146eef17 100644 (file)
@@ -78,8 +78,7 @@ int main(int argc, char *argv[]) {
         if (!can_memlock())
                 return log_tests_skipped("Can't use mlock()");
 
-        r = lsm_bpf_supported();
-        if (r <= 0)
+        if (!lsm_bpf_supported())
                 return log_tests_skipped("LSM BPF hooks are not supported");
 
         r = enter_cgroup_subroot(NULL);